Friday, April 30, 2010

Jsunpack-n update 0.3.2: Major Updates

Happy Friday! ;)

I added LOTS of great new features in this release. Here's the CHANGELOG.
Sorry for the Friday update, it seems like I've still got lots of work left to do!

Updates 2010-04-30 version 0.3.2
1) added configuration command line option -c which replaces all former directories and filenames specified on the command line, now uses options.config instead
2) added command line option -J to disable any decoding
3) added document.title parsing
4) js.files is now part of urlattr/rooturl structure
5) handle referrers in building the tree
6) detection can now be performed against the full decoded stream (i.e. between different decode levels on the same decoding); don't use the decodedOnly filter in the rule if you expect to match on the full decoded stream
7) IP address logging upon detecting malicious contents with an 'options.config' option
8) make PDF headers available to future decodings
9) added navigator.plugins enumeration in pre.js
10) support getAnnot calls (note: previously only getAnnots was supported)
11) customizable HTML parsing configuration file (see htmlparse.config file)
12) fixed a bug in HTML parsing related to NULL bytes
13) added PDF app.plugIns enumeration
14) other bug fixes


  1. FYI: when running jsunpackn version 0.3.2c (beta) in debug mode, one can trigger a division-by-zero error.

    Example (running it against a pcap):

    Traceback (most recent call last):
    File "./", line 1328, in
    File "./", line 1309, in main
    print '[debug] average seconds per call is %.02f\n' % (js.rooturl[url].dbgobj.totalJsTime()/js.rooturl[url].dbgobj.numberTotalLaunches())
    ZeroDivisionError: integer division or modulo by zero

  2. fixed, thanks for reporting it